To execute
SSOTokenSampleServlet, you must be authorized
to access that resource. If you do not have authorization, the request
will be denied. See the instructions for setting policy in the Administration
Guide.

Use a browser to access the following URL:

protocol://host:port/SERVICES-DEPLOY-URI/SSOTokenSampleServlet

The default value of SERVICES-DEPLOY-URI is amserver.

The host name
must be a fully qualified name. Your sample program should display
the output in the browser.

To Run a Sample Program on a Remote Client

Before You Begin

Install the Access Manager Client APIs in a web container and
perform the following steps. In the following example, Sun Java System
Web Server is installed in a directory named iws,
and the Access Manager client APIs are installed in a directory named opt. For information on installing the Client APIs, see Chapter 1, Using the Client SDK.

In the directory AccessManager-base/SUNWam/samples/sso,
run the gmake command.

Be sure that the following are included in the Web Server
classpath in the server.xml file:

/opt/SUNWam/samples/sso/SSOSample.jar

/opt/SUNWam/lib/am_sdk.jar

/usr/share/lib/mps/secv1/jss4.jar

/opt/SUNWam/lib/jaxp.jar

/opt/SUNWam/lib/dom.jar

/opt/SUNWam/lib/xercesImpl.jar

/opt/SUNWam/lib/jaas.jar (Add
this only if you are using a JDK version lower than JDK1.4)

/opt/SUNWam/localeand /opt/SUNWam/lib directories

Include java.protocol.handler.pkgs=com.iplanet.services.comm as an argument to be passed into the Web Server virtual
machine (VM).

If the
Access Manager server is running with the Secure Socket Layer (SSL)
protocol enabled, you may need to add the following line to the AMConfig.properties file for testing purposes:

com.iplanet.am.jssproxy.trustAllServerCerts=true

This
property tells the SSL client in the Client APIs to trust all certificates
presented by the servers. Adding this property enables you test the
SSL connection without having the root CA for your test certificate
installed on the this client. Without this property configured, you
must install the SSL server rootCA certificate
in client trust database, and then make sure that the following properties
in AMConfig.properties are set to the same values:

com.iplanet.am.admin.cli.certdb.dir

com.iplanet.am.admin.cli.certdb.prefix

com.iplanet.am.admin.cli.certdb.passfile

To Run the Sample Code

In the /opt/SUNWam/samples/sso directory,
run the gmake command.

This compiles
the samples and creates the necessary JAR files.

Register the sample servlet.

In the file WebServer-base/https-hostName.domainName.com/is-web-apps/services/WEB-INF/web.xml,insert
the following lines immediately after the last </servlet> tag.

Restart the web container where the Access Manager Client
APIs are installed.

Log in to the Access Manager server.

To Invoke the servlet, use a browser to go to the following
URL:

http://amsdk-server.sub.domain/servlet/SSOTokenSampleServlet

The SSOTokenSampleServlet servlet
validates the session and prints out all relevant session information.
You may have to reload the URL (Shift + Reload Button) to see updated
information.

Log out of the Access Manager server.

Because
no log out link exists in the sample servlet, you must use a browser
to access the Access Manager server log out URL. Example: https://hostName.domainName.com/amserver/UI/Logout

To verify that the client SSOtoken is no longer valid,
invoke the servlet a second time.

Use a browser to go
to the following URL:

http://amsdk-server.sub.domain/servlet/SSOTokenSampleServlet

This
time, a session exception occurs. Reload the URL to see the updated
information.

To Run a Sample Program on the Remote Client
Command Line

Before You Begin

You must install the Access Manager Client APIs before you can
run a sample program on the remote client command line. For more information
on using the Client APIs, see Chapter 1, Using the Client SDK.

When you run a single sign-on (SSO) program from the command
line, your application is not running in a web container, but your
application must have access to the cookies from the web container
HTTP requests. Your application must extract the Access Manager cookie
from the request, and then pass the string value of the cookie into
the createSSOToken method. Because notifications
are only supported in a web container, and because your application
is not running in a web container, notifications are not supported
in this sample.

In the directory AccessManager-base/SUNWam/samples/sso,
run the gmake command.

Modify the script AccessManager-base/SUNWam/samples/sso/run to
specify the sample program that you want to test.

For
example, to run SDKCommandLineSSO.java, in the
last line in the script, replace CommandLineSSO with SDKCommandLineSSO. The result looks like this:

${JAVA_EXEC} -Xbootclasspath ...SDKCommandLineSSO $@

If you are using a JDK version lower than JDK1.4, add
the following to the classpath:

/opt/SUNWam/lib/jaas.jar

If SSL is enabled, in the script AccessManager-base/SUNWam/samples/sso/run , add the following VM argument when executing your Java
code:

java.protocol.handler.pkgs=com.iplanet.services.comm

To Test the Command Line

To test the command line you can run the servlet test above,
cut and paste the cookie value and pass it in as the token value.